I still can't map the printer on the inside interface from the ouside. I added the following statement

static (inside,outside) xxx.xxx.120.103 10.xxx.180.103 netmask 255.255.255.255 tcp 1 0

Then I addedd the ouside server to allow enterance on ouside interface but still can not see it.

I tryied to ping but I alway get denied. Can you ping from a lower security interface to a higher one?

access-list outside_access_in extended permit icmp xxx.xxx.21.0 255.255.255.128 any

Can't get it to work.

Mike

Mike,

Post your config - sanitised of course.

HTH>

Here is me config.

Is the security level wrong on my interface? I have 0 on the outside and 100 on the inside. These were the defaults.

thanks

mike

The server that needs to access the inside printer is

xxx.xxx.23.170 VMS5_Banner witch is part of the Allowed_Out Policy group and here is the acl for that (well I thught it was)

access-list outside_access_in extended permit ip object-group Allowed_Out object-group Allowed_Int

and the inside subnet is part of the Allowed_in.

Did I do it correctly.

Mike

That looks OK now you have explained the object names.

Looks like it should work, as you sure the printer has IP connectivity?

You were right. After I add the permission for the xxx.xxx.23.170 (VMS5-BANNER)

access-list outside_access_in extended permit ip host VMS5_BANNER host xxx.xxx.120.103

Life is good. It works!

Thanks

mike

np - glad to help.